General
Target: FedEx Express Receipt.exe
Size: 864KB
Sample: 221006-l3crnahccr
MD5: ba34257de8751d02e9af1e05d3a6e93d
SHA1: 7da2f816cc2f24166f3055affedea306b9287e7c
SHA256: 7ec5e4f9dca034b760fefc9f0d80c9225ae57d4f6d22bf1bf66dbffb48b5c06d
SHA512: e58d9b5b4d42fe92f36342545848eee09c920875109acec6da5aaf8858538604428f6f958382a154d6c64ab27c075a573c6d4d2ee7f0ca22aaded83f8df4e395
SSDEEP: 12288:hHjk+R3Bxd0VioGAH8IMpIbjBpWZcvviVsZqhA7Kg4ve:51qk9IMpIbdpW+vqV0yXg4ve
Static task: static1
Behavioral task: behavioral1
Sample: FedEx Express Receipt.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: FedEx Express Receipt.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
lokibot
http://162.0.223.13/?05315
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: FedEx Express Receipt.exe
Score: 10/10
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext